How Windows Update Client and NAP Client View Important Updates

How Windows Update Client and NAP Client View Important Updates

  • Comments 1
  • Likes

If you are configuring Windows Security Heath Validator for Security Update Protection, you have multiple options.  One of these options are 'Important and above' as shown below:

image

This being the case, you may think that any Important Update available on the client will force the client to be non complaint. You may see the following on some of your clients.  The two screenshots below show Windows Update detected 4 Important Updates, but the NAP Status is still marked as compliant.

image

image

It appears that you have Important Updates available, but the client is still being marked as compliant.  This can be a little confusing if you don’t understand the difference between what Network Access Protection is looking for and what Windows Update is detecting.

Windows Update clients detects all Important updates and do not distinguish between Security updates and non Security Updates.  The Windows System Health Validator is only concerned with Important Security updates.

The best way to determine if the client should be non-compliant when Windows Update is showing 'Important Update available' is to view available updates and determine if they are marked as Security Updates.  In the example below you see that the first five Important Updates are Security updates.  This will cause your client to be flagged as non-compliant until they are installed. The last Important Update on this list will not be recognized by NAP client.

image

Recommended Client Configuration will help you avoid this situation.  If you are using Microsoft Update, Windows Update, or WSUS, you should configure your client to download and automatically install your updates.  This will prevent your client from going non compliant in the first place because of updates that are available but not installed.

image

Also check out the newly available NAP Design Guide!

http://technet.microsoft.com/en-us/library/dd125338.aspx

- Louis Hardy

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • In a previous blog entry , I talked about the very cool blog written by the Microsoft Enterprise Networking